Re: [squid-users] Transparent caching with WCCP.. please help

well khiz, what I am doing is just abiding what are u saying ..let me give
u my updated router config...

!
ip subnet-zero
ip wccp version 1
ip wccp web-cache redirect-list cache

interface Serial1/1----------------------->>> link connecting ISP ROUTER
 ip address 202.56.204.142 255.255.255.252
 no ip directed-broadcast
 encapsulation ppp
 no ip route-cache cef
ip wccp web-cache redirect out------>>>>> (say item ZZ )
!
!
!
ip access-list extended cache
 deny tcp host 202.56.207.35 any ------> 202.56.207.35 is my cache squid
 permit tcp any any eq www
!
!
now please note that when I am putting (item ZZ) in the serial line, we
get connection time out from our lan to any www site;

also with item ZZ, in serial interface ... there is no I SEE U>>> HERE I
AM Packets..... now;;

other data is the same...!! .. do u sugg. to use ip_wccp? ..well can we
solve the prob today?.. khiz u r really doing much help, May I ask where
are u from?

Regards,

Deeptish

On Thu, 27 Sep 2001, khiz code wrote:

:)but deeptish
:)u need to create an access list to match what ips u want to be wccp
:)redirected
:)something like
:) deny tcp host a.b.cd any
:)permit tcp any any eq www
:)
:)where a.b.c.d is IP of cache
:)then in global config mode do
:)ip wccp web-cache redirect-list cache
:)
:)cache is the name of the extended access list
:)
:)try out
:)rgds
:)so that in ur start config uhv something like
:)ip wccp version 1
:)ip wccp web-cache redirect-list cache
:)
:)
:)--- Deeptish Dey <deeptish@lotus.saha.ernet.in> wrote:
:)>
:)>
:)> let me give you my router details: as now I have put ip wccp redirect
:)> out
:)> at the interface with connect to our ISP ( which stopped browsing for
:)> the
:)> whole lan ) and router could recognise cache, but no i see u
:)> packets....; well first the router code for you
:)>
:)>
:)> ip wccp version 1
:)> ip wccp web-cache
:)>
:)> interface FastEthernet1/0-------------------------> our lan is
:)> connected
:)> here
:)> description **Description Connected To Mantra**
:)> ip address 202.56.207.33 255.255.255.224
:)> ip verify unicast reverse-path
:)> no ip redirects
:)> no ip unreachables
:)> no ip directed-broadcast
:)> no ip proxy-arp
:)> no ip mroute-cache
:)> duplex auto
:)> speed auto
:)> no cdp enable
:)>
:)> interface Serial1/1
:)> description connected to Mantra------------ line to ISP (INTERNET)
:)> ip address 202.56.204.142 255.255.255.252
:)> no ip directed-broadcast
:)> ip wccp web-cache redirect out
:)> encapsulation ppp
:)> !
:)> --------------------
:)>
:)> router2>sh ip wccp
:)> Global WCCP information:
:)> Router information:
:)> Router Identifier: 202.56.207.33
:)> Protocol Version: 1.0
:)>
:)> Service Identifier: web-cache
:)> Number of Cache Engines: 1
:)> Number of routers: 1
:)> Total Packets Redirected: 6240
:)> Redirect access-list: -none-
:)> Total Packets Denied Redirect: 0
:)> Total Packets Unassigned: 0
:)> Group access-list: -none-
:)> Total Messages Denied to Group: 0
:)> Total Authentication failures: 0
:)>
:)> ----------------
:)> router2>sh ip wccp we detail
:)> WCCP Cache-Engine information:
:)> IP Address: 202.56.207.35
:)> Protocol Version: 0.4
:)> State: Usable
:)> Initial Hash Info: 00000000000000000000000000000000
:)> 00000000000000000000000000000000
:)> Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
:)> FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
:)> Hash Allotment: 256 (100.00%)
:)> Packets Redirected: 6240
:)> Connect Time: 01:27:31
:)>
:)>
:)>
:)> ---------------------
:)> tcp dump at the cache...engine ( SQUID )
:)>
:)> 14:09:12.495325 eth0 < gre-proto-0x883E (gre encap)
:)> 14:09:12.495325 eth0 < gre-proto-0x883E (gre encap)
:)> 14:09:12.515325 eth0 < gre-proto-0x883E (gre encap)
:)> 14:09:12.655325 eth0 > 202.56.207.35.2048 > rmantra.2048: udp 52 (DF)
:)> 14:09:12.655325 eth0 < rmantra.2048 > 202.56.207.35.2048: udp 64
:)> 14:09:12.995325 eth0 B arp who-has 202.56.207.54 tell rmantra
:)> 14:09:13.055325 eth0 < gre-proto-0x883E (gre encap)
:)> 14:09:13.135325 eth0 < gre-proto-0x883E (gre encap)
:)> 14:09:13.375325 eth0 < gre-proto-0x883E (gre encap)
:)> 14:09:13.555325 eth0 < gre-proto-0x883E (gre encap)
:)> 14:09:13.665325 eth0 < gre-proto-0x883E (gre encap)
:)>
:)>
:)> [root@cache /root]# ifconfig
:)> eth0 Link encap:Ethernet HWaddr 00:01:02:94:2C:0A
:)> inet addr:202.56.207.35 Bcast:202.56.207.63
:)> Mask:255.255.255.224
:)> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
:)> RX packets:23680 errors:0 dropped:0 overruns:0 frame:0
:)> TX packets:11546 errors:0 dropped:0 overruns:0 carrier:0
:)> collisions:0 txqueuelen:100
:)> Interrupt:11 Base address:0xdc00
:)>
:)> gre1 Link encap:UNSPEC HWaddr
:)> CA-38-CF-23-00-00-00-00-00-00-00-00-00-00-00-00
:)> UP POINTOPOINT RUNNING NOARP MTU:1476 Metric:1
:)> RX packets:7442 errors:0 dropped:0 overruns:0 frame:0
:)> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
:)> collisions:0 txqueuelen:0
:)>
:)> ------------------
:)> [root@cache /root]# ipchains -L
:)> Chain input (policy ACCEPT):
:)> target prot opt source destination
:)> ports
:)> ACCEPT all ------ localhost localhost
:)> n/a
:)> ACCEPT tcp ------ anywhere 202.56.207.34
:)> any ->
:)> http
:)> REDIRECT tcp ------ 202.56.207.32/27 anywhere
:)> any ->
:)> http => squid
:)> REDIRECT tcp ------ anywhere anywhere
:)> any ->
:)> http => squid
:)> ACCEPT all ------ 202.56.207.32/27 anywhere
:)> n/a
:)> ACCEPT all ------ anywhere 202.56.207.32/27
:)> n/a
:)> Chain forward (policy ACCEPT):
:)> Chain output (policy ACCEPT):
:)>
:)>
:)> now khiz, with ip wccp web-cache redirect out at my serial interface
:)> (
:)> going to my service provider )... my lan is unable to browse the
:)> internet.. and ls -l at /var/log/squid shows
:)>
:)> -rw-r--r-- 1 squid squid 0 Sep 17 14:26 access.log
:)>
:)>
:)> :( :( :(
:)>
:)> please specify what to do; earlier with ip wccp .... redirect out
:)> line at
:)> the ethernet interface... I could see the I SEE U.... packets at the
:)> router, now they are gone...;;; sugg.
:)>
:)> waiting....
:)>
:)>
:)> Regards,
:)>
:)> deeptish
:)>
:)>
:)>
:)> On Wed, 26 Sep 2001, khiz code wrote:
:)>
:)> :)
:)> :)i told u
:)> :)DONT APPLY Wccp on the interface on which cache is CONNECTED
:)> :)!!!!!!!!!!!!!1
:)> :)repeat !!!
:)> :)uve done the exact opposite
:)> :)apply on the int thru which ur web traffic traffic goes out in
:)> case
:)> :)there wud hv been no cache at all
:)> :)do get back and telkl the rsults
:)> :)--- Deeptish Dey <deeptish@lotus.saha.ernet.in> wrote:
:)> :)>
:)> :)> here goes
:)> :)>
:)> :)> [root@cache /root]# tcpdump port 2048
:)> :)> User level filter, protocol ALL, datagram packet socket
:)> :)> tcpdump: listening on all devices
:)> :)> 19:22:19.969439 eth0 > cache.2048 > rmantra.2048: udp 52 (DF)
:)> :)> 19:22:19.969439 eth0 < rmantra.2048 > cache.2048: udp 64
:)> :)> 19:22:30.389439 eth0 > cache.2048 > rmantra.2048: udp 52 (DF)
:)> :)> 19:22:30.389439 eth0 < rmantra.2048 > cache.2048: udp 64
:)> :)>
:)> :)> where.. cache is the squid machine; and rmantra is my router;;
:)> :)>
:)> :)> ip wccp web-cache redirect out is done at the ethernet interface
:)> :)> through
:)> :)> which cache is connected; I could not get any better with ip_wccp
:)> so
:)> :)> now I
:)> :)> am trying with ip_gre...
:)> :)>
:)> :)> there is no acl defined for now; if u feel I need to put some,
:)> please
:)> :)> give
:)> :)> me a better hint..
:)> :)>
:)> :)> also, its 7.30 PM in INDIA here, and I have to get going to my
:)> :)> home.. smile ... I will check your reply morrow morn... if u wish
:)> I
:)> :)> might
:)> :)> attach the router conf ... tomorrow.... dozon roses to you....
:)> :)>
:)> :)>
:)> :)> regards
:)> :)>
:)> :)> Deeptish
:)> :)>
:)> :)>
:)>
:)=== message truncated ===
:)
:)
:)__________________________________________________
:)Do You Yahoo!?
:)Listen to your Yahoo! Mail messages from any phone.
:)http://phone.yahoo.com
:)
Received on Thu Sep 27 2001 - 04:59:20 MDT